Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests

Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs
True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.

Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.

This talk will focus on:
•Complex hacks found in real environments
•Showing effective attacks not found with automated methods
•Types of victim organizations and data accessed

By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
May 22 2012
58 mins

Webinars and videos

  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 64 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave’s SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 63 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 55 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • Emerging Threats: Trends in Malware Design - Research from Trustwave SpiderLabs Recorded: Dec 6 2012 46 mins
    Malware comes in all shapes and sizes. Some malware is mass-distributed while other malicious software is purpose-built to target specific data or businesses.

    And malware developers are continually “improving” their product - through propagation complexity, control channels, anti-forensic techniques and data exporting properties.

    Presented by John Miller, research manager for Trustwave SpiderLabs, this talk covers the evolution of malware as it adapts to today’s computing environments. Learn about:

    •How attackers are adapting malware
    •Common and targeted malware trends
    •Key methods to prevent attacks

    You’ll gain detailed insight into today’s leading malware research and information on how to build a better overall security posture.
  • The Honeymoon’s Over: Living with Your Application Pen Test Results Recorded: Nov 15 2012 52 mins
    Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).

    But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?

    Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.

    You’ll gain insight into:
    •Common and serious vulnerabilities uncovered by testing
    •Immediate tactical responses to remediation
    •Long-term strategic initiatives to improve application security

    You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
  • Application Hackers Have a Handbook. Why Shouldn’t You? Recorded: Sep 12 2012 60 mins
    Your Web applications are at the heart of your business – they hold your intellectual property, drive your sales, and keep the trust of your customers. But here’s the problem – they’re fast becoming the preferred attack vector of hackers.

    In this upcoming webinar, you’ll get expert coaching and actionable advice that will help you protect your applications -- from design to production.

    Our presenters will cover:
    •A real-world view of the application lifecycle with expert guidance at each stage - Presented by Chenxi Wang, PhD, VP and Principal Analyst, Forrester Research
    •How a global leader in e-commerce built an actionable strategy for trusted applications - Presented by Wyman Lewis, MBA, CISSP, Information Security Director, GSI Commerce, an eBay Company
    •How a solution provider’s 360° approach helps secure thousands of mission critical apps - Presented by Marc Shinbrood, VP, WAF Business Unit, Trustwave

    You’ll walk away with actionable information that you can deploy immediately, to strengthen the security of your critical applications. You’ll also be armed with expert knowledge and peer advice that will guide your longer-term strategies around full lifecycle application design, testing, planning and production.
  • Why Hackers Love Hotels, Restaurants, Retail and Other Businesses Recorded: Aug 22 2012 54 mins
    In 2011 investigations, more than 85% of data breaches took place in restaurants, diners, retail stores and hotels.

    Hackers are experts when it comes to stealing your data...including the credit card numbers of your customers.

    Learn how to easily and quickly protect your business. View Why Hackers Love Your Business and find out:

    - Why hackers are targeting your multi-site business
    - What data they steal and why they don't get caught
    - What you can do to protect all your sites
  • My Scan Found What? Top 5 Weaknesses Uncovered with Vulnerability Scanning Recorded: Jun 26 2012 64 mins
    Vulnerability scanning is a necessary tool for validating compliance with the Payment Card Industry Data Security Standards (PCI DSS), but more importantly this process can help to identify where weaknesses exist across your network, computers and applications. When treated as a "snapshot" of a network from the outside (think attacker's) point-of-view, this technology can become much more valuable.

    To help organizations better manage vulnerabilities and pass scans for compliance, this webinar highlights the top 5 weaknesses that vulnerability scanning most often finds.

    During this presentation, we'll cover:
    •Benefits of enterprise vulnerability management
    •The types of vulnerabilities seen most often
    •How to fix serious issues and get the most value from scans
    •Remediation do's and don'ts for items that crop up

    Join us for this live webinar and gain expert guidance based on experience gathered from thousands of tests.
  • Take Action: Best Practices to Protect Against Targeted Malware Attacks Recorded: Jun 7 2012 56 mins
    Based on investigations conducted by Trustwave SpiderLabs, only 12% of targeted malware was detected by traditional anti-virus solutions in 2011. Targeted attacks are highly successful because they focus on specific organizations and are crafted to elude traditional point product security controls, including anti-virus. Protecting against such targeted attacks – on top of everything else – requires you to be as innovative as the hackers.

    Get insights on how to innovate your security from Wendy Nather, analyst with 451 Research, and Manu Namboodiri, vice president of product marketing, Trustwave. Learn:

    - Where you may be vulnerable to targeted attacks and persistent threats from malware
    - Best practices based on preventing intrusion, propagation, vulnerabilities and data exfiltration
    - How Trustwave unifies Web, email and network security solutions to detect, block, isolate and prevent targeted attacks
  • Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests Recorded: May 22 2012 58 mins
    True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.

    Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.

    This talk will focus on:
    •Complex hacks found in real environments
    •Showing effective attacks not found with automated methods
    •Types of victim organizations and data accessed

    By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
  • Web Application Attack Trends Recorded: Apr 26 2012 63 mins
    Profit and ideology are the two biggest motivations driving cyber attacks against Web applications – with all business types and governments as potential targets. The best way to combat attacks of this nature is through awareness and analysis of Web application security threats.

    During this webinar, Ryan C. Barnett, senior security researcher for Trustwave SpiderLabs and leader of the Web Application Security Consortium's (WASC) Web Hacking Incidents Database (WHID), will:

    •Review current attack trends and stats
    •Highlight analysis from the WHID and honeypot data
    •Identify top Web application security practices

    This event is ideal for businesses that have Web applications and need to protect the data flowing through those applications.
  • Getting Started with PCI DSS Recorded: Apr 5 2012 43 mins
    Find out what you need to know about PCI DSS compliance.

    The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud and security vulnerabilities and threats. Any business that processes, stores or transmits payment card data must validate compliance with the PCI DSS.

    Led by a Trustwave expert, this webinar will help you:
    •Understand the 12 requirements of PCI DSS
    •Identify your responsibilities as a merchant
    •Know how to get started

    This webinar will be useful for anyone beginning the compliance process or looking to better understand the PCI DSS.
  • Speaking with Cryptographic Oracles Recorded: Mar 27 2012 60 mins
    Cryptography is often used to secure data, but few people have a solid understanding of it. Even for cryptographers, it is still easy to make mistakes. The algorithms might be peer-reviewed and unbroken for years, but if used incorrectly, they can still leak information.

    Cryptographic oracles are systems which take user-controlled input and leak part or all of the output, generally leading to an attacker being able to defeat the cryptography, in part or in whole. This lecture will:
    • Define encryption, decryption, and padding oracles
    • Explain why an unbroken algorithm doesn’t matter
    • Describe how to find cryptographic oracles
    • Explore the ways in which oracles can be used to mount attacks
  • 2012 Global Security Threats and Trends Recorded: Feb 9 2012 63 mins
    If the thought of a breach is keeping you up at night, this presentation will give you tangible recommendations on strengthening your information security strategy. Based on the Trustwave 2012 Global Security Report, the presentation will feature data from more than 300 investigations and 2,000 penetration tests conducted in the previous 12 months.

    Presented by Nicholas J. Percoco, Trustwave SVP and Head of SpiderLabs, this 60-minute session will:

    - Highlight the threats targeting your organization's valuable assets
    - Explain state-of-the-art attack methods uncovered in our data breach investigations
    - Use real-world security research to put the most common weaknesses under the microscope

    In today's cyber world, it's no longer a matter of 'if' a data breach will occur, but 'when.' Attend this presentation to gain insight into the vulnerabilities that are affecting businesses today, and the strategic initiatives you can take to better secure data within your organization.
  • Unified Security: Respond and Prevent to Manage Risk Recorded: Feb 6 2012 59 mins
    Unified Security: Respond and Prevent to Manage Risk
  • Customers Like My Business…Hackers Will Too: Current Risk Trends Recorded: Jul 19 2011 61 mins
    Hackers frequently target small merchants, as many such businesses are not adequately protecting the systems and devices on which payment card data is stored or processed. Research conducted by Trustwave identifies the current risks and vulnerabilities faced by smaller businesses, and especially for those merchants that have not validated compliance with the Payment Card Industry Data Security Standard (PCI DSS).

    Led by expert Gregory Rosenberg, this webinar will cover:
    •Payment card risks for small merchants
    •How to take action for PCI DSS validation
    •How to prioritize payment card security
Smart security on demand
Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world. Trustwave has helped thousands of organizations — ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets.

  • Title: Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests
  • Live at: May 22 2012 4:00 pm
  • Presented by: Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs